Get Started with WildFire

The following steps provide a quick workflow to get started with WildFire®. If you’d like to learn more about WildFire before getting started, take a look at the
WildFire Overview and review
WildFire Best Practices.

Decide which of the
WildFire Deployments works for you:
WildFire global cloud—Forward samples to the WildFire global cloud, or to one of two regional clouds hosted in Europe and Japan.
WildFire private cloud—
(Requires a WF-500 appliance)
Forward samples to a local WF-500 appliance that resides on your network.
WildFire hybrid cloud—
(Requires a WF-500 appliance)
Forward some samples to the WildFire public cloud and some samples to a WildFire private cloud.

Log in to the firewall.
Select
Device > Licenses
and check that the WildFire License is active.
If the WildFire License is not displayed, select one of the License Management options to activate the license.

Enable the firewall to get the latest WildFire signatures.
New WildFire signatures are made available every five minutes to detect and identify malware.

Select
Device > Dynamic Updates:
(WildFire public and hybrid cloud)
Check that
WildFire
updates are displayed.
(WildFire private and hybrid cloud)
Check that
WF-Private
updates are displayed. For the firewall to receive signatures from a WF-500 appliance, you must enable the WF-500 appliance to locally generate signatures and URL categories.
Select
Check Now
to retrieve the latest signature update packages.
Set the
Schedule
to download and install the latest WildFire signatures.
Use the
Recurrence
field to set the frequency at which the firewall checks for new updates to
Every Minute.
As new WildFire signatures are available every five minutes, this setting ensures the firewall retrieves these signatures within a minute of availability.
Enable the firewall to
Download and Install
these updates as the firewall retrieves them.
Click
OK.

Attach the
default
Antivirus profile to a security policy rule to scan traffic the rules allows based on WildFire antivirus signatures (select
Policies > Security
and add or a modify the defined
Actions
for a rule).

Start submitting samples for WildFire analysis.

Define traffic to forward for WildFire analysis. (Select
Objects > Security Profiles > WildFire Analysis
and modify or
Add
a WildFire Analysis profile).
As a best practice, use the WildFire Analysis default profile to ensure complete WildFire coverage for traffic the firewall allows. If you still decide to create a custom WildFire Analysis profile, set the profile to forward
Any
file type—this enables the firewall to automatically start forwarding newly-supported file types for analysis.
For each profile rule, set the
WildFire Deployments
Destination
to which you want the firewall to forward samples for analysis—
public-cloud
or the
private-cloud.
Attach the WildFire Analysis profile to a security policy rule. Traffic matched to the policy rule is forwarded for WildFire analysis (
Policies > Security
and
Add
or modify a security policy rule).

If you enabled logging of benign files in
Step 4, select
Monitor > WildFire Submissions
and check that entries are being logged for benign files submitted to WildFire. (If you’d like to disable logging of benign files after confirming that the firewall is connected to WildFire, select
Device > Setup > WildFire
and clear
Report Benign Files).
Other options to
Verify File Forwarding allow you to confirm that the firewall forwarded a specific sample, view samples the firewall forwards according to file type, and to view the total number of samples the firewall forwards.
Test a Sample Malware File to test your complete WildFire configuration.

Investigate WildFire analysis results.

Find WildFire analysis results:
Use the Firewall to Monitor Malware
and view WildFire analysis reports for a sample.
View Reports on the WildFire Portal for all samples submitted to the WildFire public cloud, including samples that you manually submitted to the WildFire public cloud.
Use the WildFire API to retrieve sample verdicts and reports from a WF-500 appliance.
Assess the risk of malware you find on your network with the AutoFocus
threat intelligence portal. AutoFocus layers data from global WildFire submissions with statistics to identify pervasive and targeted malware, both on your network, within our industry, and globally.